Backdoor-CGT has been labeled a low risk by most antivirus firms. But the Trojan's method of travel has one security firm worried that attackers are finding quicker ways to do their deeds.
Natasha Staley, an information security analyst for New York-based e-mail security firm MessageLabs Inc., said the Trojan is worrisome because it uses spam to spread quickly across the Internet.
"The scary thing about this is that it was spammed out, which allowed it to move rapidly in a short period of time," Staley said. "Attackers know they have a short window of opportunity when they launch Trojan horse programs, and this shows they are finding ways to move more quickly. The lines between viruses and spam are no longer clear."
The program -- also known as Xebiz-A, Troj/Xebix-A, and Trojan.Win32.Genme-A -- is installed after e-mail recipients using Microsoft Outlook follow a URL in the message, Cupertino, Calif.-based security software giant Symantec said in an advisory. Windows 2000, 95, 98, ME, NT, Server 2003 and XP are affected.
In its advisory, Panda Software of Glendale, Calif., said the Trojan connects to a Web site to download another Trojan, Zerolin-A, to the affected computer.
Staley said MessageLabs received nearly 4,000 e-mail messages linked to the Trojan during a two-hour period Tuesday morning, even though up-to-date versions of Outlook and systems protected by antivirus software are immune.
"The first 24-48 hours are always the most dangerous when something new like this appears," Staley said. "Because they allow remote access, someone can install key loggers and spyware and access financial data. It underscores the need for users to update their antivirus and keep their systems patched."